1. 28 3月, 2009 1 次提交
  2. 23 3月, 2009 1 次提交
  3. 15 3月, 2009 1 次提交
  4. 07 1月, 2009 3 次提交
    • M
      eCryptfs: Filename Encryption: filldir, lookup, and readlink · addd65ad
      Michael Halcrow 提交于
      Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
      and ecryptfs_readlink() to call out to filename encryption functions.
      Propagate filename encryption policy flags from mount-wide crypt_stat to
      inode crypt_stat.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      addd65ad
    • M
      eCryptfs: Filename Encryption: Header updates · a34f60f7
      Michael Halcrow 提交于
      Extensions to the header file to support filename encryption.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a34f60f7
    • M
      eCryptfs: Filename Encryption: Tag 70 packets · 9c79f34f
      Michael Halcrow 提交于
      This patchset implements filename encryption via a passphrase-derived
      mount-wide Filename Encryption Key (FNEK) specified as a mount parameter.
      Each encrypted filename has a fixed prefix indicating that eCryptfs should
      try to decrypt the filename.  When eCryptfs encounters this prefix, it
      decodes the filename into a tag 70 packet and then decrypts the packet
      contents using the FNEK, setting the filename to the decrypted filename.
      Both unencrypted and encrypted filenames can reside in the same lower
      filesystem.
      
      Because filename encryption expands the length of the filename during the
      encoding stage, eCryptfs will not properly handle filenames that are
      already near the maximum filename length.
      
      In the present implementation, eCryptfs must be able to produce a match
      against the lower encrypted and encoded filename representation when given
      a plaintext filename.  Therefore, two files having the same plaintext name
      will encrypt and encode into the same lower filename if they are both
      encrypted using the same FNEK.  This can be changed by finding a way to
      replace the prepended bytes in the blocked-aligned filename with random
      characters; they are hashes of the FNEK right now, so that it is possible
      to deterministically map from a plaintext filename to an encrypted and
      encoded filename in the lower filesystem.  An implementation using random
      characters will have to decode and decrypt every single directory entry in
      any given directory any time an event occurs wherein the VFS needs to
      determine whether a particular file exists in the lower directory and the
      decrypted and decoded filenames have not yet been extracted for that
      directory.
      
      Thanks to Tyler Hicks and David Kleikamp for assistance in the development
      of this patchset.
      
      This patch:
      
      A tag 70 packet contains a filename encrypted with a Filename Encryption
      Key (FNEK).  This patch implements functions for writing and parsing tag
      70 packets.  This patch also adds definitions and extends structures to
      support filename encryption.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9c79f34f
  5. 14 11月, 2008 1 次提交
  6. 17 10月, 2008 1 次提交
  7. 25 7月, 2008 3 次提交
  8. 07 6月, 2008 1 次提交
    • M
      eCryptfs: remove unnecessary page decrypt call · d3e49afb
      Michael Halcrow 提交于
      The page decrypt calls in ecryptfs_write() are both pointless and buggy.
      Pointless because ecryptfs_get_locked_page() has already brought the page
      up to date, and buggy because prior mmap writes will just be blown away by
      the decrypt call.
      
      This patch also removes the declaration of a now-nonexistent function
      ecryptfs_write_zeros().
      
      Thanks to Eric Sandeen and David Kleikamp for helping to track this
      down.
      
      Eric said:
      
         fsx w/ mmap dies quickly ( < 100 ops) without this, and survives
         nicely (to millions of ops+) with it in place.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Dave Kleikamp <shaggy@austin.ibm.com>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d3e49afb
  9. 29 4月, 2008 3 次提交
  10. 07 2月, 2008 5 次提交
  11. 17 10月, 2007 10 次提交
  12. 29 6月, 2007 1 次提交
    • M
      eCryptfs: fix write zeros behavior · 240e2df5
      Michael Halcrow 提交于
      This patch fixes the processes involved in wiping regions of the data during
      truncate and write events, fixing a kernel hang in 2.6.22-rc4 while assuring
      that zero values are written out to the appropriate locations during events in
      which the i_size will change.
      
      The range passed to ecryptfs_truncate() from ecryptfs_prepare_write() includes
      the page that is the object of ecryptfs_prepare_write().  This leads to a
      kernel hang as read_cache_page() is executed on the same page in the
      ecryptfs_truncate() execution path.  This patch remedies this by limiting the
      range passed to ecryptfs_truncate() so as to exclude the page that is the
      object of ecryptfs_prepare_write(); it also adds code to
      ecryptfs_prepare_write() to zero out the region of its own page when writing
      past the i_size position.  This patch also modifies ecryptfs_truncate() so
      that when a file is truncated to a smaller size, eCryptfs will zero out the
      contents of the new last page from the new size through to the end of the last
      page.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      240e2df5
  13. 17 2月, 2007 1 次提交
  14. 13 2月, 2007 8 次提交